If you read my last article on validation scenarios, then you may understand why different scenarios may need different attributes to be required. However, you may have noticed a missing link – what if different scenarios also need different attributes to be considered “safe”?

If you have no idea what I am talking about, then you probably don’t know that in your model you can specify which attributes are “safe” to massively assign to a model via CModel::setAttributes().

By default, all columns in the table are considered safe except the primary key column (attributes defined in the model are not considered safe by default).

You might not want all attributes to be safe if, for instance, you have fields which determine things such as access level. Suppose you had a User model with an `is_admin` field. If you let `is_admin` be defined as safe, you have a security hole, as someone can take a tool such as urlparams and easily set himself as an admin.

Now you may actually want `is_admin` to be defined as safe in certain scenarios, such as a user administration page. Thus, as of Yii 1.0.2, you can define scenarios through safeAttributes(), which was the initial reason for writing this article.

```php
<?php
public function safeAttributes()
{
    return array(
        // these attributes can be massively assigned in any scenario
        // that is not explicitly specified below
        'attr1, attr2, ...',

        // these attributes can be massively assigned only in scenario 1
        'scenario1' => 'attr2, attr3, ...', // e.g. in this scenario attr1 is NOT safe

        // these attributes can be massively assigned only in scenario 2
        'scenario2' => 'attr1, attr3, ...',
    );
}
```
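To make the effect on the `is_admin` case concrete, here is an added standalone example (not code from the original article and not Yii's implementation) that applies the scenario rule described above to a constructed request. The helper names `userSafeAttributes()`, `safeNamesFor()` and `massAssign()`, the `admin` scenario name and the sample data are assumptions made for illustration.

```php
<?php
// Standalone model of the scenario rule described in the article; not Yii code.

// Same shape as the safeAttributes() return value above:
// index 0 is the default list, string keys are per-scenario lists.
function userSafeAttributes(): array
{
    return array(
        'username, email',                       // any scenario not listed below
        // A scenario list replaces the default list, so repeat what is needed.
        'admin' => 'username, email, is_admin',  // user administration page only
    );
}

// Hypothetical helper: pick the list for $scenario, else fall back to the default.
function safeNamesFor(array $spec, string $scenario): array
{
    $list = ($scenario !== '' && isset($spec[$scenario])) ? $spec[$scenario] : ($spec[0] ?? '');
    return array_filter(array_map('trim', explode(',', $list)), 'strlen');
}

// Hypothetical helper: copy only the safe keys from request data onto the model.
function massAssign(array $model, array $input, string $scenario = ''): array
{
    $safe = safeNamesFor(userSafeAttributes(), $scenario);
    foreach ($input as $name => $value) {
        if (in_array($name, $safe, true)) {
            $model[$name] = $value;   // listed as safe for this scenario
        }                             // anything else is silently skipped
    }
    return $model;
}

// Constructed request body: a profile form with an extra is_admin parameter added.
$post = array('email' => 'new@example.com', 'is_admin' => '1');
$user = array('username' => 'alice', 'email' => 'old@example.com', 'is_admin' => '0');

$profile = massAssign($user, $post);           // default scenario (profile page)
$admin   = massAssign($user, $post, 'admin');  // admin scenario

echo "profile page: email={$profile['email']} is_admin={$profile['is_admin']}\n";
echo "admin page:   email={$admin['email']} is_admin={$admin['is_admin']}\n";
```

The scenario passed to the assignment has to come from the server-side code path (which controller action is running), never from the request itself.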